Exemplo n.º 1
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
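// Login handler: checks the posted credentials, then either opens the
// authenticated session and redirects to the home page, or stores an alert
// message and sends the visitor back to the login form.

// Reject requests that omit a field or send a non-string value (for example
// an array parameter), because trim() below expects strings.
if (
    !isset($_POST["Username"], $_POST["Password"])
    || !is_string($_POST["Username"])
    || !is_string($_POST["Password"])
) {
    die("<h1>ERROR ON PAGE</h1>");
}

// Pass the trimmed input through the project's filters (declared in ../lib).
$usr = lib_cn_name_filter(trim($_POST["Username"]));
$psw = lib_psw_filter(trim($_POST["Password"]));

// Credentials do not match: one message covers every failure reported by
// isUsrPswMatch().
if (!isUsrPswMatch($usr, $psw)) {
    setAlertMsg("用戶或密碼不正確!");
    header("Location:../login.php");
    exit;
}

// Credentials match but the account has not been activated yet.
if (!email_vertify($usr)) {
    setAlertMsg("帳號還沒有被激活!");
    header("Location:../login.php");
    exit;
}

// Rotate the session ID before attaching the authenticated identity, so an ID
// issued to the anonymous visitor is not carried over into the logged-in
// session (session fixation). Only done when a session is already active;
// where the session is started is not visible in this file.
if (session_id() !== '') {
    session_regenerate_id(true);
}

$_SESSION["username"] = $usr;
// NOTE(review): this keeps the submitted password in session storage for the
// whole session. Kept because other pages may read it; the user id should be
// enough to identify the session, so confirm the readers and drop this entry.
$_SESSION["password"] = $psw;
$_SESSION["id"] = getUserID($usr, $psw);
header("Location:../index.php");
exit;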
Exemplo n.º 2
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
// Access gate: the rest of this script runs only when the session carries
// both an "id" and a "username" entry.
if (!isset($_SESSION["id"], $_SESSION["username"])) {
    // Print the "please log in" message and stop.
    exit("請登入");
}
if (isset($_POST["pid"]) and !empty($_POST["pid"]) and isset($_SESSION["id"]) and isset($_POST["quantity"]) and !empty($_POST["quantity"])) {
    if (lib_number_validate($_POST["quantity"])) {
        $QTY = $_POST["quantity"];
    } else {
        die("不能打数字以外的字符!");
    }
    if (lib_psw_filter($_POST["pid"])) {
        $pid = $_POST["pid"];
    } else {
        die("不正確的字符!");
    }
    $query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$pid}' AND carts.id = '{$_SESSION['id']}'";
    $result1 = mysql_query($query1);
    if (mysql_num_rows($result1) == 0) {
        $QTY = checkQTY($pid, $QTY);
        if ($QTY == 0) {
            echo "對不起本書暫時缺貨,如要预订,请联系我们!";
        } else {
            if ($_POST["quantity"] != $QTY) {
                echo "抱歉, 庫存量限制我們給了最大數量, 如要预订,请联系我们!";
            } else {
                echo "成功添加到購物車";
            }